Change log for FORGEROCK_IDENTITY_CLOUD
| Date | Changes |
|---|---|
| 2026-03-30 | Enhancement:
- `event.idm.read_only_udm.additional.fields`: Newly mapped `source_cloud`, `type`, `entry_info_nodeExtraLogging_auditInfo_Timestamp`, `entry_info_nodeOutcome`, `entry_info_authLevel` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field. - `event.idm.read_only_udm.principal.application`: Newly mapped `entry_info_nodeExtraLogging_auditInfo_clientId` raw log field with `event.idm.read_only_udm.principal.application` UDM field. - `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `entry_info_nodeExtraLogging_auditInfo_EventName`, `entry_info_nodeExtraLogging_auditInfo_FlowType`, `entry_info_displayName`, `entry_info_nodeType` raw log fields with `event.idm.read_only_udm.security_result.detection_fields` UDM field. - `event.idm.read_only_udm.security_result.action`: Newly mapped `entry_info_nodeExtraLogging_auditInfo_Status` raw log field with `event.idm.read_only_udm.security_result.action` UDM field. - `event.idm.read_only_udm.metadata.product_log_id`: Newly mapped `entry_info_nodeExtraLogging_auditInfo_TransactionId` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM field. - `event.idm.read_only_udm.principal.user.userid`: Newly mapped `entry_info_nodeId` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field. - `event.idm.read_only_udm.security_result.description`: Newly mapped `entry_info_treeName` raw log field with `event.idm.read_only_udm.security_result.description` UDM field. - `event.idm.read_only_udm.principal.url`: Newly mapped `tenant_url` raw log field with `event.idm.read_only_udm.principal.url` UDM field. - `event.idm.read_only_udm.metadata.event_type`: Mapped `USER_LOGIN` to `event.idm.read_only_udm.metadata.event_type` to when `payload.eventName` is `AM-NODE-LOGIN-COMPLETED` and contains principal data. - The updated raw log now allows the fields to parse properly and the following fields are now being mapped correctly: - `event.idm.read_only_udm.metadata.event_type` - `event.idm.read_only_udm.metadata.log_type` - `event.idm.read_only_udm.metadata.product_event_type` - `event.idm.read_only_udm.security_result.severity` - `event.idm.read_only_udm.security_result.severity_details` - `event.idm.read_only_udm.target.resource.attribute.labels` - `event.idm.read_only_udm.target.resource.name` |
| 2025-08-06 | Enhancement:
- event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `payload.realm` raw log field to `event.idm.read_only_udm.target.resource.attribute.labels` UDM field. - event.idm.read_only_udm.additional.fields: Newly mapped `payload.source` raw log field to `event.idm.read_only_udm.additional.fields` UDM field. - event.idm.read_only_udm.security_result.severity_details: Newly mapped `payload.level` raw log field to `event.idm.read_only_udm.security_result.severity_details` UDM field. - event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `payload.timestamp` raw log field to `event.idm.read_only_udm.metadata.event_timestamp` UDM field. |
| 2025-07-22 | Enhancement:
- Added support for new pattern of JSON logs. - `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `payload.client.ip` and `payload.http.request.headers.x-forwarded-for` raw log fields with `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip` UDM fields. - `event.idm.read_only_udm.principal.port`: Newly mapped `payload.client.port` raw log field with `event.idm.read_only_udm.principal.port` UDM field. - `event.idm.read_only_udm.network.http.request.method`: Newly mapped `payload.http.request.method` raw log field with `event.idm.read_only_udm.network.http.request.method` UDM field. - `event.idm.read_only_udm.target.url`: Newly mapped `payload.http.request.path` raw log field with `event.idm.read_only_udm.target.url` UDM field. - `event.idm.read_only_udm.additional.fields`: Newly mapped `payload.topic`, `payload.http.request.headers.accept-api-version`, `payload.http.request.secure`, `payload.request.detail`, `payload.response`, `payload.request`, `payload.trackingIds`, `payload.objectId` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field. - `event.idm.read_only_udm.network.http.user_agent`: Newly mapped `payload.http.request.headers.user-agent` raw log field with `event.idm.read_only_udm.network.http.user_agent` UDM field. - `event.idm.read_only_udm.principal.hostname` and `event.idm.read_only_udm.principal.asset.hostname`: Newly mapped `payload.http.request.headers.host` raw log field with `event.idm.read_only_udm.principal.hostname` and `event.idm.read_only_udm.principal.asset.hostname` UDM fields. - `event.idm.read_only_udm.network.application_protocol`: Newly mapped `payload.http.request.headers.x-forwarded-proto` raw log field with `event.idm.read_only_udm.network.application_protocol` UDM field. - `event.idm.read_only_udm.network.http.response_code`: Newly mapped `payload.response.statusCode` raw log field with `event.idm.read_only_udm.network.http.response_code` UDM field. - `event.idm.read_only_udm.security_result.action_details`: Newly mapped `payload.operation` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field. - `event.idm.read_only_udm.metadata.event_type`: Set `event.idm.read_only_udm.metadata.event_type` to `NETWORK_HTTP` when `has_network_http` is `true` and `has_principal` is `true`. - `event.idm.read_only_udm.metadata.event_type`: Set `event.idm.read_only_udm.metadata.event_type` to `USER_UNCATEGORIZED` when `has_principal_user` is `true`. |
| 2024-03-11 | - Newly created parser
|